Today's Arms Race: The Fight for Vaccine Appointments Between Humans and Bots

We humans are creatures of habit. We have our morning routines, our favorite time for a walk and our process of acquiring goods and services. At one time or another, we have all lined up to buy that sports ticket or hot item. In today’s world, we might get online, open many tabs in a web browser and then, at the specific time, hit “go” – all in an effort to acquire the high-demand item – which, for many, is a COVID-19 vaccine. Enter the need for automation and bots.

In my state (Ohio) we have a government website to help us find COVID vaccines. There are 102 locations in my county, each with a unique URL listed on a web page; 102 URLs to click in order to sign up for an appointment at one of 102 different locations. Conceivably, this means that getting a vaccine requires 102 open tabs in my browser. Since most don’t have available appointments, the time I would need to invest to find an open slot is significant.

Enter the world of the bots. Using automation, bots can scrape (and are scraping) various COVID vaccine appointment websites for information and systematically showing available vaccine appointments near you. Instead of clicking 102 URLs, you find the next available slot posted by a good Samaritan. Other examples are Twitter bots that will tweet (x number of appointments available at y location), bots that look for keywords to signal available appointments and additional bots that will allow people to book an appointment for a vaccine.

This is the altruistic phase of the relationship with bots and COVID vaccinations: helping people in need find the resources they require. This phase can last as long as it takes for the next phase to become impatient. We have already seen instances where people are finding appointment codes indicating they are in a disadvantaged group so they can go to the head of the line. We have seen this behavior already with tech experts in Silicon Valley setting up Twitter bot notifications for available slots. Similar actions were seen in MA, where individuals built a centralized website. The sort of people who figure this out and help others ditch the line are the sort of people the next phase loves.

The “but what about me” phase begins with someone understanding the system and the hidden advantages a small amount of understanding brings. Then they usually team up with someone else and they create automation that exploits some part of the system. I am sure in the near future it will be possible to just supply a few pieces of information, click a box and have an appointment automatically booked as it becomes available. Given market forces for the COVID-19 vaccine, I expect this will be something that will cost money, which means it may be something someone will try to make money on, even though the vaccine is free. This is a critical point for all readers to emphasize to their loved ones worried about the vaccine – no one in the US should have to pay for a vaccine.

Enter the anti-bot phase. As news of the previous phase hits the streets, organizations will want to ensure a fair market. Predictably, the vaccine distributors will claim they want fairness and will begin putting in measures to stop the automation. As this comes about, the game is on between the bot writers and the prevention mechanisms. Reverse engineering, vaccine bot kits and cook groups where information is shared will all ramp up. This is a simple arms race where we are racing to get as many arms as possible.
